
Explore Vulnerabilities

Explore all Exploits:

Easy Outlook Express Recovery 2.0 – Denial of Service (PoC)

Easy Outlook Express Recovery 2.0 contains a buffer overflow vulnerability caused by an input validation error in the handling of the registration key. An attacker can exploit it by creating a specially crafted registration key and pasting it into the registration key field. Successful exploitation could result in a denial of service condition.

Helpdezk 1.1.1 – Arbitrary File Upload

Helpdezk 1.1.1 is vulnerable to arbitrary file upload. An attacker can upload a malicious file to the server by sending a specially crafted HTTP request with the file attached. The vulnerability exists in more than one file, including upload.php, upload2.php, upload3.php, upload_dsh_image.php, upload_file.php, upload_icon.php, manage_attachments.php, manage_icons.php, and upload_file_knowledgebase.php.

Warranty Tracking System 11.06.3 – ‘txtCustomerCode’ SQL Injection

Warranty Tracking System 11.06.3 is vulnerable to SQL Injection. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'txtCustomerCode' parameter of the 'SearchCustomer.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to sensitive information from the database.

PHP Mass Mail 1.0 – Arbitrary File Upload

PHP Mass Mail 1.0 is vulnerable to arbitrary file upload. An attacker can upload a malicious file to the server by sending a specially crafted HTTP POST request to the send.php page. This can be exploited to execute arbitrary code on the server.

2-Plan Team 1.0.4 – Arbitrary File Upload

2-Plan Team is vulnerable to arbitrary file upload. An attacker can upload a malicious file to the web server by sending a specially crafted HTTP request to the managefile.php script. This can be used to execute arbitrary code on the server.

Simple E-Document 1.31 – ‘username’ SQL Injection

Simple E-Document 1.31 is vulnerable to SQL Injection. This vulnerability exists due to insufficient sanitization of user-supplied input to the 'username' parameter in the 'login.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the application.

Kordil EDMS 2.2.60rc3 – Arbitrary File Upload

Kordil EDMS 2.2.60rc3 is vulnerable to arbitrary file upload. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. The request carries malicious code in the form of a file, which is uploaded to the server. This can be used to gain access to the server and execute arbitrary code.

Notepad3 1.0.2.350 – Denial of Service (PoC)

Notepad3 is vulnerable to a denial of service attack when a maliciously crafted file is opened. When the user attempts to open the file, Notepad3 will crash due to a buffer overflow. The exploit is triggered when the user attempts to encrypt the file using a passphrase. The malicious file contains a 256-byte buffer of 'A' characters, which causes the application to crash.

Recent Exploits: